business continuity and disaster recovery planning case study
TRANSCRIPT
![Page 1: Business Continuity and Disaster Recovery Planning Case Study](https://reader031.vdocument.in/reader031/viewer/2022030300/588075231a28ab64028b5f77/html5/thumbnails/1.jpg)
Situation
A mortgage loan verification processing company needed a Disaster Recovery Plan (DRP) as
required by their Private Equity Investment Management firm. I was initially engaged by the
company based upon my BCP and DRP experience with companies that included Tesco Fresh
and Easy, Avery Dennison, Alliance Data Systems, Georgia Pacific, IMERYS, and Fox Rent a
Car to provide specialist disaster recovery management expertise and advice, and to develop a
disaster recovery plan (DRP). The company hosted the IT infrastructure in an AT&T data center
![Page 2: Business Continuity and Disaster Recovery Planning Case Study](https://reader031.vdocument.in/reader031/viewer/2022030300/588075231a28ab64028b5f77/html5/thumbnails/2.jpg)
environment with significant redundancy and failover capability at a location of over 200 miles
from the corporate headquarters. The IT systems environment included critical systems that
would result in the shut-down loan processing should they become unavailable for an extended
period of time.
After initial project scope discussions the client decided that they wanted to engage me in
developing Business Continuity and Disaster Recovery Plans.
Action
A Business Impact Analysis (BIA) was performed to as the first step in developing new business
contingency solutions. The BIA is the foundation on which the clients overall recovery and
resumption plan rests.
I worked closely with the company’s management to gain a deep understanding of the business
operations, key business processes, IT environment, recovery time objectives (RTO) and
recovery point objectives (RPO). We started with tough questions, such as:
What are the critical business processes?
What are the risks of their particular business?
How can the risks be quantified and qualified?
What unique needs must be considered to ensure that this business can endure a disaster?
What are the potential financial loses should a critical incident occur and how quickly
would the business need to recover from an incident?
How much loss can be tolerated?
What would you do if your employees couldn’t get to work?
What would happen if your customers couldn’t reach you for a few hours, days or even
weeks?
How would you deal with the loss of critical business data?
I performed numerous surveys, one on one and group interviews, documented the findings,
reviewed and validated with the client.
Response
Built and documented the plans
The critical functions, their recovery priorities, and their interdependencies were established so
that the recovery time objective (RTO) and recovery point objectives (RPO) could be set.
The requirements for IT service continuity were defined and documented. Strategies for
recovery, based on a number of outcome scenarios - such as loss of data center, system failure, or
denial of access to facilities – were defined.
![Page 3: Business Continuity and Disaster Recovery Planning Case Study](https://reader031.vdocument.in/reader031/viewer/2022030300/588075231a28ab64028b5f77/html5/thumbnails/3.jpg)
Comprehensive plans were developed which defined key functions, such as communications,
recovery teams, documentation and contacts. The plan included references to underlying
procedures documentation and reference material that may be required.
Provided user training
Training and awareness of the plan and walkthrough strategies were completed through a series
of workshop-based scenario tests. The walkthroughs were successfully carried out with all team
members becoming fully trained in their roles. Refinements to the plan were made as a result of
these tests.
Performed BC and DR functionality tests
IT failover for production services were thoroughly tested including their secondary services.
Any anomalies were resolved and retesting was performed until all issues were resolved.
Business plans of action in the event operations disruption by events such as severe weather, fire,
earthquake, malicious activity, or electric utility disruption were tested.
Conducted user acceptance testing
Assembled a team of Subject Matter Experts for this activity to gain sign-off.
The Training Plan and training materials created during the Execute Phase were updated as
necessary.
Finalized the Business Continuity Plan that prescribes how to conduct business and serve clients
following a disruptive event, before restoration of services occurs. Finalized the Service
Recovery (aka Disaster Recovery) Plan detailing a plan of action in the event operations are
disrupted by events such as severe weather, fire, earthquake, malicious activity, or electric utility
disruption. Plans should include provisions to update and improve these plans at least annually,
or each time services or infrastructure undergoes major changes. Related activities may include
IT security classification, risk assessment, and compliance evaluation.
Delivered full final versions of the BCP and DRP
Handed the customer a complete set of customizable documentation in Word and PDF formats.
Enjoy all my articles at:
https://www.linkedin.com/today/post/author/posts#published?trk=mp-reader-h